XSS Sanitation / Protection? #100
What is the threat?
@firgon000 I don't know a whole lot about XSS, but @Bigghead mentioned it to me early on in this process. I would think people attempting to write scripts in our text areas where there is actually some room - bio, mentorship bio, etc. Not sure what could actually be accomplished if someone did...
Looking for @Bigghead's expertise on this one.
I've used something simple like express-sanitizer to get rid of script tags on the server. Some of the things people can easily do with XSS:
Or Helmet.js.
@Bigghead @no-stack-dub-sack I think React helps sanitize input for us? Like I don't care what script you write in any of our inputs, but it will just show up as that string of text later on...? Try it out on the live demo app if you can
FCC Alumni Network CISO: Shav "Big Head" Parta
lolz |
@bonham000 is right, I just read React helps prevent XSS, as they automatically escape certain html strings in inputs.
React 👑 |
React is freakin awesome. That window.open trick broke my voting app the first time. I don't think we should worry about XSS injections too much (at all) with this app |
MEEN Stack? |
@bonham000 @Bigghead any thoughts?